NHS computer problems could be to blame for ‘hundreds of deaths’, academics claim

Problems with computers could be blamed for up to 900 patient deaths in the NHS a year, experts have said.

Computers are embedded across the NHS but many are "bad" and "low quality", according to two academics.

Devices in hospitals - which are used for a range of applications from storing patient records and making appointments to systems embedded in devices like MRI scanners and dialysis machines - are "unnecessarily buggy" and "susceptible to cyber-attack", according to Harold Thimbleby, professor emeritus of geometry at Gresham College in London and professor of computer science at Swansea University.

Prof Thimbleby and his colleague, Martyn Thomas, professor of information technology at Gresham College, who have delivered a lecture on NHS IT systems at the Museum of London, estimate that hundreds of deaths a year could be caused by computer problems.

Speaking in a briefing before the lecture, Prof Thimbleby said: "If you go into a hospital there isn't a good word to describe how bad stuff in a hospital is and how unaware people are in hospitals of the low quality: they're stuck with it. They're over-worked, they've got a job to do and understanding the computer systems isn't part of their job so it's understandable."

He added: "There are computers in the sterilisation unit in the basement, there are computers in the MRI scanner, there are computers everywhere keeping the NHS running.

"And we think there are 100 to 900 computer-related deaths per year and we think that is a big underestimate.

"Some recognised disasters in Britain: Piper Alpha had 167 deaths and there was a public inquiry; Ladbroke Grove, the rail crash in Paddington had 31 deaths and there was a public inquiry; Grenfell, the fire last year had 71 years, and there is a public inquiry. Why don't we have a public inquiry in the safety of hospital software?"

Prof Thomas, who is also visiting professor in software engineering at the Universities of Oxford, Aberystwyth and Bristol, described how in America research has shown that 8% of all deaths are caused by errors in hospitals.

If this figure were translated to UK healthcare, it could mean that "there are 88,000 in the NHS every year caused by preventable adverse events in hospitals", he said.

He said that a "significant proportion" of clinical negligence claims in the NHS are due to "bad computer systems, buggy computer systems, leading professionals to make mistakes. And then the professionals get blamed for it".

He added: "Badly designed computer systems can be at the heart of, can trigger or contribute to, all the causes of harm that are reported as serious adverse events.

"Even if only 1% of them were computer related that would be a significant number of deaths. On the American figures we'd be looking at 880 deaths. On the NHS's own figures it would be 108 deaths and serious injuries a year caused by bad computer systems. We think the number is probably a lot higher.

"That's a lot of money going into liability claims, it's a lot of trauma to patients and their families and it is a lot of trauma for staff because the staff get blamed and it really isn't their fault."

The pair called for better regulation of healthcare computers and more research into the implications of errors.

He added that the WannaCry ransomware attack - which crippled parts of the NHS last year - "could have killed a lot of people".

"I'm worried about the cyber security because one of these days we are going to get a properly targeted cyber-attack and when that happens it's not going to be pretty," Prof Thomas said.

The comments come a day after the Public Accounts Committee heard that all 200 NHS trusts assessed for cyber security vulnerabilities have failed to meet the standard required.

A Department of Health and Social Care spokeswoman said: "Patient safety is our priority, and our £4.2 billion investment in technology will help eliminate avoidable harm.

"It's encouraging that there were no reports of patient harm or of patient data being compromised in the Wannacry attack. We are now re-doubling our focus on cybersecurity with an extra £46 million to improve resilience in major trauma centres and support at risk organisations, with a further £150 million committed by 2020."